Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/f5oLUe7p6iLi5-WbVgwkX6GETi0.roa
File:                     f5oLUe7p6iLi5-WbVgwkX6GETi0.roa (raw, json)
Hash identifier:          dC6rvovDoajd5pDsKJJ1TV1rjo+wl65Qhu5f2otmCLc=
Subject key identifier:   7F:9A:0B:51:EE:E9:EA:22:E2:E7:E5:9B:56:0C:24:5F:A1:84:4E:2D
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018EA34EA9CF200652EE5F2E5E31EDEBAFD6
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/f5oLUe7p6iLi5-WbVgwkX6GETi0.roa
Signing time:             Wed 03 Apr 2024 09:33:45 +0000
ROA not before:           Wed 03 Apr 2024 09:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        5.181.84.0/24 maxlen: 24
                          5.181.85.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          45.94.170.0/24 maxlen: 24
                          45.144.215.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          146.19.125.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 18:57:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:4e:a9:cf:20:06:52:ee:5f:2e:5e:31:ed:eb:af:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr  3 09:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f9a0b51eee9ea22e2e7e59b560c245fa1844e2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a1:ad:f5:d8:aa:38:c8:2e:b4:4d:ce:e6:b1:
                    60:a5:fc:db:c8:eb:7d:ae:67:b5:45:b2:5f:f6:40:
                    79:55:7f:5e:b7:63:bc:24:51:8b:2f:c9:86:5c:1a:
                    7b:42:58:a9:39:58:7c:14:ce:0f:f1:80:5a:2a:91:
                    24:2d:bc:a2:f5:53:e0:83:79:3e:f0:8b:2f:9c:fa:
                    f7:49:cf:67:16:45:6b:e8:68:f5:36:d7:9e:d9:c6:
                    49:2c:c4:f0:b7:cd:df:9e:9d:b3:67:ad:4c:53:42:
                    5f:68:68:e3:b0:c1:e7:4a:d1:7b:81:b8:bb:9e:0f:
                    79:e3:00:0b:42:d2:20:41:3c:1a:20:ef:26:67:a8:
                    cd:8e:c8:af:cb:9f:21:27:ac:06:f6:9b:c8:f9:55:
                    34:33:c2:f5:71:0e:b3:52:17:4f:33:f3:8a:d3:ae:
                    a0:6f:d2:86:69:aa:81:63:8d:e2:ba:65:db:7a:db:
                    30:fe:bf:cd:54:bd:10:06:89:93:f4:30:5f:72:a4:
                    86:9d:09:db:0c:4f:d8:e9:83:cb:06:f7:14:b3:ba:
                    93:62:73:b0:3b:12:1a:04:92:5e:f9:8d:4e:fc:38:
                    f3:35:89:28:7e:b7:00:4d:4e:23:c0:d8:a2:65:7b:
                    1b:32:b5:be:54:d5:70:e4:60:b1:69:ae:83:55:36:
                    5a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:9A:0B:51:EE:E9:EA:22:E2:E7:E5:9B:56:0C:24:5F:A1:84:4E:2D
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/f5oLUe7p6iLi5-WbVgwkX6GETi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.84.0/23
                  5.181.87.0/24
                  45.94.170.0/24
                  45.144.215.0/24
                  85.209.120.0/23
                  146.19.125.0/24
                  193.30.241.0/24
                  193.57.41.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:ee:63:08:a9:fa:de:2c:57:56:15:b2:53:c7:2a:31:07:04:
         18:4d:ca:ee:70:9c:ce:18:c1:c7:d4:c7:82:6d:d7:33:4d:9e:
         1d:06:1e:a8:86:67:a4:b1:5f:3b:66:5b:26:86:ba:dd:02:99:
         f1:e9:75:bb:aa:ea:b4:3a:d3:d3:04:b1:2c:b9:62:b5:40:db:
         09:27:15:3a:70:cc:63:9d:f6:c7:25:a4:e5:3b:1d:98:3a:f3:
         6d:e8:10:77:c6:4d:a5:a2:6e:3a:92:3b:7a:f7:5a:97:84:dd:
         02:3d:3a:4a:b8:ff:d6:89:10:40:36:0f:e5:6c:6a:62:ff:71:
         cd:7b:2d:35:97:68:3c:2d:69:7e:83:7e:5d:ea:4b:31:d4:c2:
         6b:c2:57:82:a6:22:4a:4f:c0:81:c8:7b:1c:51:dd:65:13:c6:
         7e:0e:12:f6:6d:30:07:d0:d9:76:c6:07:9a:fb:15:08:45:56:
         fb:ff:0b:cb:ba:f3:c5:d7:89:c4:f3:f2:57:2b:0d:c9:27:61:
         ea:47:78:a2:a1:6d:fc:88:11:d2:1a:76:84:73:e3:e9:86:d1:
         4d:20:5d:04:ed:c9:c4:ec:2e:ba:b3:bb:4f:2f:8f:ef:d4:f6:
         9e:e4:72:b8:e5:85:5d:d0:82:d4:79:44:9a:d1:3e:b0:57:e6:
         6f:ec:08:c9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY6jTqnPIAZS7l8uXjHt66/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwNDAzMDkzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjlhMGI1MWVlZTllYTIyZTJlN2U1OWI1NjBjMjQ1ZmExODQ0ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KGt9diqOMgutE3O5rFgpfzbyOt9
rme1RbJf9kB5VX9et2O8JFGLL8mGXBp7QlipOVh8FM4P8YBaKpEkLbyi9VPgg3k+
8IsvnPr3Sc9nFkVr6Gj1Ntee2cZJLMTwt83fnp2zZ61MU0JfaGjjsMHnStF7gbi7
ng954wALQtIgQTwaIO8mZ6jNjsivy58hJ6wG9pvI+VU0M8L1cQ6zUhdPM/OK066g
b9KGaaqBY43iumXbetsw/r/NVL0QBomT9DBfcqSGnQnbDE/Y6YPLBvcUs7qTYnOw
OxIaBJJe+Y1O/DjzNYkofrcATU4jwNiiZXsbMrW+VNVw5GCxaa6DVTZaWwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFH+aC1Hu6eoi4uflm1YMJF+hhE4tMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZjVvTFVlN3A2aUxpNS1XYlZnd2tYNkdFVGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBBbVUAwQA
BbVXAwQALV6qAwQALZDXAwQBVdF4AwQAkhN9AwQAwR7xAwQAwTkpAwQAw7FfMA0G
CSqGSIb3DQEBCwUAA4IBAQAs7mMIqfreLFdWFbJTxyoxBwQYTcrucJzOGMHH1MeC
bdczTZ4dBh6ohmeksV87ZlsmhrrdApnx6XW7quq0OtPTBLEsuWK1QNsJJxU6cMxj
nfbHJaTlOx2YOvNt6BB3xk2lom46kjt691qXhN0CPTpKuP/WiRBANg/lbGpi/3HN
ey01l2g8LWl+g35d6ksx1MJrwleCpiJKT8CByHscUd1lE8Z+DhL2bTAH0Nl2xgea
+xUIRVb7/wvLuvPF14nE8/JXKw3JJ2HqR3iioW38iBHSGnaEc+PphtFNIF0E7cnE
7C66s7tPL4/v1Pae5HK45YVd0ILUeUSa0T6wV+Zv7AjJ
-----END CERTIFICATE-----